Ebook Download Inside Java¿ 2 Platform Security: Architecture, API Design, and Implementation (2nd Edition), by Li Gong, Gary Ellison, Mary Dagefo
Again, reviewing habit will always give useful benefits for you. You may not need to spend sometimes to review the book Inside Java¿ 2 Platform Security: Architecture, API Design, And Implementation (2nd Edition), By Li Gong, Gary Ellison, Mary Dagefo Just reserved numerous times in our extra or leisure times while having meal or in your workplace to read. This Inside Java¿ 2 Platform Security: Architecture, API Design, And Implementation (2nd Edition), By Li Gong, Gary Ellison, Mary Dagefo will certainly show you brand-new thing that you can do now. It will certainly aid you to enhance the quality of your life. Occasion it is just an enjoyable e-book Inside Java¿ 2 Platform Security: Architecture, API Design, And Implementation (2nd Edition), By Li Gong, Gary Ellison, Mary Dagefo, you could be happier and also much more enjoyable to enjoy reading.
Inside Java¿ 2 Platform Security: Architecture, API Design, and Implementation (2nd Edition), by Li Gong, Gary Ellison, Mary Dagefo
Ebook Download Inside Java¿ 2 Platform Security: Architecture, API Design, and Implementation (2nd Edition), by Li Gong, Gary Ellison, Mary Dagefo
This is it guide Inside Java¿ 2 Platform Security: Architecture, API Design, And Implementation (2nd Edition), By Li Gong, Gary Ellison, Mary Dagefo to be best seller just recently. We offer you the very best deal by getting the stunning book Inside Java¿ 2 Platform Security: Architecture, API Design, And Implementation (2nd Edition), By Li Gong, Gary Ellison, Mary Dagefo in this site. This Inside Java¿ 2 Platform Security: Architecture, API Design, And Implementation (2nd Edition), By Li Gong, Gary Ellison, Mary Dagefo will certainly not only be the sort of book that is challenging to find. In this web site, all kinds of books are offered. You could browse title by title, writer by author, and also publisher by author to figure out the very best book Inside Java¿ 2 Platform Security: Architecture, API Design, And Implementation (2nd Edition), By Li Gong, Gary Ellison, Mary Dagefo that you can review now.
How can? Do you think that you do not require sufficient time to go with purchasing publication Inside Java¿ 2 Platform Security: Architecture, API Design, And Implementation (2nd Edition), By Li Gong, Gary Ellison, Mary Dagefo Never ever mind! Just rest on your seat. Open your gadget or computer system as well as be online. You can open or see the link download that we supplied to get this Inside Java¿ 2 Platform Security: Architecture, API Design, And Implementation (2nd Edition), By Li Gong, Gary Ellison, Mary Dagefo By in this manner, you could get the online book Inside Java¿ 2 Platform Security: Architecture, API Design, And Implementation (2nd Edition), By Li Gong, Gary Ellison, Mary Dagefo Reviewing guide Inside Java¿ 2 Platform Security: Architecture, API Design, And Implementation (2nd Edition), By Li Gong, Gary Ellison, Mary Dagefo by online could be actually done easily by waiting in your computer as well as gadget. So, you could proceed each time you have downtime.
Checking out the e-book Inside Java¿ 2 Platform Security: Architecture, API Design, And Implementation (2nd Edition), By Li Gong, Gary Ellison, Mary Dagefo by on-line can be likewise done effortlessly every where you are. It seems that hesitating the bus on the shelter, waiting the checklist for line up, or various other places possible. This Inside Java¿ 2 Platform Security: Architecture, API Design, And Implementation (2nd Edition), By Li Gong, Gary Ellison, Mary Dagefo can accompany you during that time. It will certainly not make you feel bored. Besides, through this will additionally enhance your life high quality.
So, merely be right here, discover guide Inside Java¿ 2 Platform Security: Architecture, API Design, And Implementation (2nd Edition), By Li Gong, Gary Ellison, Mary Dagefo now and review that swiftly. Be the initial to read this publication Inside Java¿ 2 Platform Security: Architecture, API Design, And Implementation (2nd Edition), By Li Gong, Gary Ellison, Mary Dagefo by downloading in the web link. We have other books to read in this site. So, you can locate them also effortlessly. Well, now we have actually done to supply you the most effective e-book to read today, this Inside Java¿ 2 Platform Security: Architecture, API Design, And Implementation (2nd Edition), By Li Gong, Gary Ellison, Mary Dagefo is actually ideal for you. Never ever dismiss that you need this publication Inside Java¿ 2 Platform Security: Architecture, API Design, And Implementation (2nd Edition), By Li Gong, Gary Ellison, Mary Dagefo to make better life. On the internet book Inside Java¿ 2 Platform Security: Architecture, API Design, And Implementation (2nd Edition), By Li Gong, Gary Ellison, Mary Dagefo will really provide very easy of every little thing to review and take the perks.
In this text, the architects of the Java security model illustrate the J2SE security system. This second edition is fully updated to chronicle J2SE v1.4 security model enhancements that will allow developers to build safer, more reliable and more implementable programs.
- Sales Rank: #2295416 in Books
- Published on: 2003-06-06
- Released on: 2003-05-27
- Original language: English
- Number of items: 1
- Dimensions: 9.00" h x .90" w x 6.60" l, 1.62 pounds
- Binding: Paperback
- 384 pages
Amazon.com Review
An expert tour of security on the new Java 2 platform, Inside Java 2 Security will find an enthusiastic audience among advanced Java developers and system administrators. As the author notes during the general discussion on network security, safeguarding your system goes far beyond mere cryptography.
This book reviews multiple security threats and the strategies used to combat them, such as denial of service attacks, Trojan horses, and covert channels. In addition, it touches on the evolution of Java security from the restrictive days of the JDK 1.0 sandbox to the sophisticated security features available in Java 2, including a section that presents a list of 11 security bugs found in early versions of Java.
Because Java 2 security is now policy-based, it must be managed by system administrators as part of enterprise security. A chapter on Java 2 security presents the "big picture" as well as the classes used to implement policy-based security where developers can control access to an entire system like files, network resources, or runtime permissions on code. The book also discusses the rather primitive tools used for Java 2 security management such as the policytool utility. For advanced developers, further sections demonstrate how to create new permission classes and how to make JDK 1.1 security code migrate to Java 2.
A section on the Java Cryptography Architecture (JCA) shows that Java 2 supports the latest in encryption standards like SHA, DSA, RSA, and X.509 certificates. The text concludes with some well-considered predictions for the future of security on the Java platform. In the meantime, this book shows you what you will need to know about security when committing to Java 2 on the enterprise. Security is now part of the picture and will require both extra development time and administrative effort. --Richard Dragan
From the Inside Flap
Give me a lever and a fulcrum, and I can move the globe. --Archimedes
Since Java technology's inception, and especially its public debut in the spring of 1995, strong and growing interest has developed regarding the security of the Java platform, as well as new security issues raised by the deployment of Java technology. This level of attention to security is a fairly new phenomenon in computing history. Most new computing technologies tend to ignore security considerations when they emerge initially, and most are never made more secure thereafter. Attempts made to do so typically are not very successful, as it is now well known that retrofitting security is usually very difficult, if not impossible, and often causes backward compatibility problems. Thus it is extremely fortunate that when Java technology burst on the Internet scene, security was one of its primary design goals. Its initial security model, although very simplistic, served as a great starting place, an Archimedean fulcrum. The engineering talents and strong management team at JavaSoft are the lever; together they made Java's extensive security architecture a reality.
From a technology provider's point of view, security on the Java platform focuses on two aspects. The first is to provide the Java platform, primarily through the Java Development Kit, as a secure, platform on which to run Java-enabled applications in a secure fashion. The second is to provide security tools and services implemented in the Java programming language that enable a wider range of security-sensitive applications, for example, in the enterprise world.
I wrote this book with many purposes in mind. First, I wanted to equip the reader with a brief but clear understanding of the overall picture of systems and network security, especially in the context of the Internet environment within which Java technology plays a central role, and how various security technologies relate to each other.
Second, I wanted to provide a comprehensive description of the current security architecture on the Java platform. This includes language features, platform APIs, security policies, and their enforcement mechanisms. Whenever appropriate, I discuss not only how a feature functions, but also why it is designed in such a way and the alternative approaches that we--the Java security development team at Sun Microsystems--examined and rejected. When demonstrating the use of a class or its methods, I use real-world code examples whenever appropriate. Some of these examples are synthesized from the JDK 1.2 code source tree.
Third, I sought to tell the reader about security deployment issues, both how an individual or an enterprise manages security and how to customize, extend, and enrich the existing security architecture. Finally, I wanted to help developers avoid programming errors by discussing a number of common mistakes and by providing tips for safe programming that can be immediately applied to ongoing projects. How This Book Is Organized
This book is organized as follows: Chapter 1. A general background on computer, network, and information security Chapter 2. A review of the original Java security model, the sandbox Chapter 3. An in-depth look at the new security architecture in JDK 1.2, which is policy-driven and capable of enforcing fine-grained access controls Chapter 4. An explanation of how to deploy and utilize the new security features in JDK 1.2, including security policy management, digital certificates, and various security tools Chapter 5. A demonstration of how to customize various aspects of the security architecture, including how to move legacy security code onto the JDK 1.2 platform Chapter 6. A review of techniques to make objects secure and tips for safe programming Chapter 7. An outline of the Java cryptography architecture along with usage examples Chapter 8. A look ahead to future directions for Java security
This book is primarily for serious Java programmers and for security professionals who want to understand Java security issues both from a macro (architectural) point of view as well as from a micro (design and implementation) perspective. It is also suitable for nonexperts who are concerned about Internet security as a whole, as this book clears up a number of misconceptions around Java security.
Throughout this book, I assume that the reader is familiar with the fundamentals of the Java language. For those who want to learn more about that language, the book by Arnold and Gosling is a good source. This book is not a complete API specification. For such details, please refer to JDK 1.2 documentation. Acknowledgments
It is a cliche to say that writing a book is not possible without the help of many others, but it is true. I am very grateful to Dick Neiss, my manager at JavaSoft, who encouraged me to write the book and regularly checked on my progress. Lisa Friendly, the Addison-Wesley Java series editor, helped by guiding me through the writing process while maintaining a constant but "friendly" pressure. The team at Addison-Wesley was tremendously helpful. I'd like particularly to thank Mike Hendrickson, Katherine Kwack, Marina Lang, Laura Michaels, Marty Rabinowitz, and Tracy Russ. They are always encouraging, kept faith in me, and rescued me whenever I encountered obstacles.
This book is centered around JDK 1.2 security development, a project that lasted fully two years, during which many people inside and outside of Sun Microsystems contributed in one way or another to the design, implementation, testing, and documentation of the final product. I would like to acknowledge Dirk Balfanz, Bob Blakley, Josh Bloch, David Bowen, Gilad Bracha, David Brownell, Eric Chu, David Connelly, Mary Dageforde, Drew Dean, Satya Dodda, Michal Geva, Gadi Guy, Graham Hamilton, Mimi Hills, Larry Koved, Charlie Lai, Sheng Liang, Tim Lindholm, Jan Luehe, Gary McGraw, Marianne Mueller, Tony Nadalin, Don Neal, Jeff Nisewanger, Yu-Ching Peng, Hemma Prafullchandra, Benjamin Renaud, Roger Riggs, Jim Roskind, Nakul Saraiya, Roland Schemers, Bill Shannon, Tom van Vleck, Dan Wallach, and Frank Yellin. I also appreciate the technical guidance from James Gosling and Jim Mitchell, as well as management support from Dick Neiss, Jon Kannegaard, and Alan Baratz. I have had the pleasure of chairing the Java Security Advisory Council, and I thank the external members, Ed Felten, Peter Neumann, Jerome Saltzer, Fred Schneider, and Michael Schroeder for their participation and superb insights into all matters that relate to computer security.
Isabel Cho, Lisa Friendly, Charlie Lai, Jan Luehe, Teresa Lunt, Laura Michaels, Stephen Northcutt, Peter Neumann, and a number of anonymous reviewers provided valuable comments on draft versions of this book.
G. H. Hardy once said that young men should prove theorems, while old men should write books. It is now time to prove some more theorems. Li Gong
Los Altos, California
June 1999 0201310007P04062001
From the Back Cover
Inside Java™ 2 Platform Security, the definitive and comprehensive guide to the Java security platform, has been thoroughly updated to reflect key additions and revisions to Java security technologies currently in use by leading technology companies. This second edition, penned by the Java experts at Sun Microsystems, provides a detailed look into the central workings of the Java security architecture and describes tools and techniques for successful implementation on even the most demanding network computing environment.
While Java has always provided a stronger security model than other platforms, this book reviews all the methods and practices required to improve security without sacrificing functionality. With tips on how to customize, extend, and refine the Java security architecture, users will have everything they need to protect their information assets from both external and internal threats.
This book's in-depth coverage encompasses security architecture, deployment, customization, new developments, and much more.
Designed for both the system administrator and software practitioner, this book delivers vital knowledge for building and maintaining a secure system using the Java 2 platform. With detailed code and usage examples throughout, Inside Java™ 2 Platform Security, Second Edition , is an indispensable resource for all platform security needs.
The Java™ Series is supported, endorsed, and authored by the creators of the Java technology at Sun Microsystems, Inc. It is the official place to go for complete, expert, and definitive information on Java technology. The books in this Series provide the inside information you need to build effective, robust, and portable applications and applets. The Series is an indispensable resource for anyone targeting the Java™ 2 platform.
Most helpful customer reviews
15 of 16 people found the following review helpful.
Go and buy this book
By Wilfred Springer
If you are new to Java, then you shouldn't buy this book.
If you are new to security, then you shouldn't buy this book.
If you prefer loads of examples instead of dense and precise explanations, then you shouldn't buy this book.
If you are looking for a pictorial guide on Java security, then you would probably have to go somewhere else as well.
However...
If you know your Java basics,
If you like completeness,
If you like preciseness,
If you want to know why the APIs look the way they do,
If you take nothing for granted,
If you want an update on latest changes,
If you like things to be drawn in a historical perspective,
If you want a book that you can pick up and read a chapter without having to go through it in a linear way,
If you are serious about security,
In that case you should now pick up your coat, and run to the nearest bookstore to buy this book.
The only thing I found odd in this book is the introduction into security, covering a discussion in general, and an overview of different types of security and access control models. The weird thing is that it introduces a lot of concepts, without actually refering to any of them in the chapters later on.
6 of 7 people found the following review helpful.
Not an easy read, but well worth the effort
By Satadru Roy
I'm not surprised this book has drawn so many negative reviews. This book is indeed difficult to digest but then the Java Security model itself is rich, subtle and takes time to master. The book does an admirable job of explaining the motivation behind the complete overhaul of the Java 1.1 security architecture, the Java 2 security API design nuances, the flexibility of the fine-grained access-control model in Java 2 and how the backward compatibility concerns with code written with 1.1 style security checks were addressed in the new design. The book also has an intersting chapter addressing security needs of objects in transit (RMI) and a short chapter on cryptography, which anyway is a vast subject in its own right. The key chapters to read are the 3,4 and 5, especially for people who have some background in Java 2 security.
On the negative side, I have to say, the book is inconsistent in parts - I have trouble believing that Li Gong wrote the entire book himself. It's amazing to see chapters discussing at length how you install Java 2, change your CLASSPATH on different platforms etc. while in the same book elsewhere, you see terse, packed explanations about how the classloader hierarchy works in 1.2 or how the basic access control algorithm is extended for privileged operations and some very concise but useful discussions about possible design alternatives in the core library itself. The code samples are very insightful in that they illustrate the workings of some of the core library classes itself with the new security infrastrucure and not some toy samples. However, this also makes the book an unlikely candidate for gleaning ready to use code samples from, which means, if you are looking for how to's and not whys this is probably not the book for you, you might want to consider the Oreilly book.
For people well experienced in Java and OO design, if you want to learn insights about why the security apis are designed the way they are, you might well consider giving this book multiple reads. It's well worth the effort.
In short, this is a difficult but good book. Hopefully, in subsequent editions Li Gong would work on making it better, and also include more details on interesting new additions like JAAS etc.
4 of 4 people found the following review helpful.
Required reading for anyone planning to use the Java SA
By hhinton@ee.ryerson.ca
This book provides comprehensive coverage of the Java Security Architecture.
As with all good security books, this one begins with an introduction to the fundamentals of computer and network security. For those new to Java security, there is also brief intro to security of the Java language and platform. The book quickly gets into the details of the new Security Architecture, with a detailed description of what is there, why it is there and how to use it. Sections on deploying and customizing the SA are of practical use to anyone in this situation. The book also contains a concise and useful discussion of object security and how to go about getting it. There is a detailed discussion of the Java Cryptography Architecture, a must if you plan on using the cryptographic functionality. The book concludes with a thought-provoking section on future directions. This book stands out because of the insightful discussions on why design decisions were made and the implications of these decisions. This makes the book interesting reading even if you aren't going to implement the SA in the immediate future. If you are planning on implementing the SA, don't do it without this book within grabbing distance.
Inside Java¿ 2 Platform Security: Architecture, API Design, and Implementation (2nd Edition), by Li Gong, Gary Ellison, Mary Dagefo PDF
Inside Java¿ 2 Platform Security: Architecture, API Design, and Implementation (2nd Edition), by Li Gong, Gary Ellison, Mary Dagefo EPub
Inside Java¿ 2 Platform Security: Architecture, API Design, and Implementation (2nd Edition), by Li Gong, Gary Ellison, Mary Dagefo Doc
Inside Java¿ 2 Platform Security: Architecture, API Design, and Implementation (2nd Edition), by Li Gong, Gary Ellison, Mary Dagefo iBooks
Inside Java¿ 2 Platform Security: Architecture, API Design, and Implementation (2nd Edition), by Li Gong, Gary Ellison, Mary Dagefo rtf
Inside Java¿ 2 Platform Security: Architecture, API Design, and Implementation (2nd Edition), by Li Gong, Gary Ellison, Mary Dagefo Mobipocket
Inside Java¿ 2 Platform Security: Architecture, API Design, and Implementation (2nd Edition), by Li Gong, Gary Ellison, Mary Dagefo Kindle
No comments:
Post a Comment